In our "Preparing for PCI DSS 3.2: What to Expect in 2016" blog post earlier this year, we outlined what to expect with the next version of the standard. As we move closer to publication of 3.2, what are the important dates and milestones to be aware of? Here we look at key dates to help organizations plan for PCI Data Security Standard (PCI DSS) 3.2 and Payment-Application Data Security Standard (PA-DSS) 3.2:
- PCI DSS 3.2 is scheduled for publication at the end of April. Publication will include a summary of changes document and webinar that provides an overview of 3.2 and the timeline and resources for putting it into place.
- PCI DSS 3.2 supporting documents including Self-Assessment Questionnaires (SAQ), Attestation of Compliance (AOC) forms, Report on Compliance (ROC) templates, Frequently Asked Questions (FAQ) and Glossary will also be available at the end of the month.
- PA-DSS 3.2 will be published at the end of May. The changes in PA-DSS 3.2 align with the changes made in PCI DSS 3.2. Information will be provided to PA-DSS application vendors and assessors on how this update impacts their programs.
- PA-DSS 3.2 supporting documents including Report on Validation (ROV) and Attestation of Validation (AOV) forms, as well as Frequently Asked Questions (FAQ) will also be available at the end of the month.
- A transition period will be provided to support completion of PA-DSS 3.1 validations already in progress.
- PCI DSS 3.1 will retire six months after the release of PCI DSS 3.2, and at this time all assessments will need to use version 3.2.
- The new requirements introduced in PCI DSS will be considered best practices until 31 January 2018. Starting 1 February 2018 they are effective as requirements.
For more information on planned changes in the standard, check out "Preparing for PCI DSS 3.2: What to Expect in 2016".
Subscribe to this blog for the latest information on 3.2 and other PCI updates.